NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

Save the file as fixlist.txt in to the same location as FRST64.exe.
Right-click the FRST64.exe icon and select Run as administrator to run the tool.
Click the Fix button only once and wait.
When finished FRST will generate a log (Fixlog.txt) on the same folder where FRST64.exe is located. Please post its content to your next reply.

NOTE. It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

Next,

Open Google Chrome;
Type chrome://extensions in the address bar and press Enter;
Click the trash can icon by the following extensions:

So I continued with the instructions after that. Below are the logs for Fixlog + Malwarebytes. As hard as I tried to, ADW Cleaner was downloading like nothing I've seen before. It would seemingly download fine, but when opening and starting to scan, the exe file and all would vanish (!?) from the folder where it had been downloaded. Tried downloading in multiple folders since I started to get over and over 'Insufficient Permissions' error so I could not download such, thus no log was obtained. I also struggle with Malware Bytes, but eventually got it going, so I did get a log.

BTW, I had to resort to starting the PC in Safe Mode since it seems like it may be getting worse. Microsoft Windows gets stuck often, harder to open even Notepad. Hard to reboot, so typically I have to force shutdown by switching off the PC. Here are the logs:

One more piece of important information. Since I was unable to do much with the 'sick' PC, I transferred the logs from the 'sick' PC (in Safe Mode, otherwise nothing was working), and sent them using another PC.

In yet another twist of events, I found that even in Safe Mode, none of the MS Office (Word, XL, PPT) work. The file opens, then an MS Office license box pops up briefly and soon thereafter an error box saying "Microsoft Office cannot verify the license for this application. A repair attempt failed or was cancelled by the user. The application will now shut down."

I noticed that the preview feature does show the file (I assume it is only a 'viewer' so why not). I copied on USB some of these files and they are readable and editable on a good PC.

**Latest!** I tried to open a Notepad file on the malfunctioning PC. I let it do its thing spinning its wheels for who knows, like half an hour. I just saw the Notepad file finally had opened a few seconds ago. I will try the same with MS Office files. I will keep you updated. More of this unusually slow behaviour may be trickling your way in the next few hours.

Hi Android 8888, one more finding. I restarted in regular mode (not safe mode) and as I mentioned above, Notepad opened after a looong time. So, decided to open an Excel file, to find, after another very long time that I got a 'Microsoft Office Activation Wizard' window for 'Microsoft Office Home and Student 2010 - Activation Wizard'. The message 'Thank you for installing MS Office Home & Student 2010. Activation is required ...' bugs me. This software we purchased a long time ago. Options given are to activate the software over the internet (recommended, of course), or by telephone. As I mentioned above, I cannot any longer connect to the internet so I am using a separate PC to communicate with you. So, that is the latest :-( Have we done some irreversible damage to MS Office? I was able to open Excel and connect to the internet just a couple of days when this whole fixing process was started. Your thoughts are appreciated.

Hmmmm, just for kicks tried the activation via phone, just to get a message saying that Telephone Activation is no longer supported for the MS Office on the PC. I got the installation ID so I will copy for what it is worth.

Android 8888, well... things are looking better all of the sudden! Monkeying around, I tried to test the MS Office activation via internet, and somehow it approved the authentication -- just like that! since I didnt have internet connection at that moment. Kept trying the opening of documents (Notepad, Word, etc.). An hour ago things were still bleak, slow... and things are getting better, opening faster. Hopefully for good. I am going to restart and see if things hold.

Android 8888, bear with me. As of today Sat Dec 2, 2017 1:40pm ET, the PC is sort of the same as before, BUT I was able to download and Scan ADWCleaner. Maybe things got out of sequence, but I am attaching the logs I got from the ADWCleaner. Please advice on the best steps based on the current status of the system. Just to get you a sense of how things are, saving files takes between 10 to 15 minutes to 'prepare' the system and give you the Save option. Never mind if you want to change to another folder to change the file, that will add another 5 to 10 minutes. With that said, I hope you have a good day :-) , and here are the logs:

The Coupon Printer for Windows and Savings Button: Deals + Cash Back were not there.

Hard Booting (as bad as it may be) seems to be right now the only way to get the PC going. If off, then turning on; or from hibernation, it hangs up and doesn't do much for a long time. Even hard booting took about 6-8 minutes before I was able to open Chrome. I guess might be the old WIndows 7 (?)

Right-click on the icon and select Run as administrator to install the program.

Click Yes to accept the UAC security warning that may appear.

Select the language and click the OK button.

Click the Next button, accept the EULA warning and follow the instructions to continue and install the program.

Once the installation is complete it will start automatically. Wait a few seconds until the update of signature database is complete.

Without changing any options, click Scan to begin.

After the short scan is finished, if threats are detected click Next to remove them.Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.

Click on the Back button.

On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.

Here are the reports. I have to admit that I struggled immensely to get them to work, and BTW, the Roguekiller I did the Scan in Safe Mode because for what seem to be dozens of attempts in Normal Mode, the RK wasn't working. It took me also many attempts to install the Zemana (only in Normal Mode would work). I don't know if the instructions' last three (or four?) steps may be out of sync a bit, but because of the sequence of events, this is what I had to do:

After the Zemana Scan, one malicious file was detected. You requested to reboot, but I was concerned given all the problems I had experienced, to not be able to get the repost, so I clicked on the 'Back' button prior to reboot. I clicked Reports, no 'latest reports' showed up, except the following information, which I had to type myself. The malicious file was quarantined.

First the RK report, followed by MY TRANSCRIPT of the Zemana findings. I did reboot the PC. It seems to be moving along much better.

Now that things are running better, please let me know if I shall re-run any of the Malware Applications.

The computer seems to be a bit better every time we have done extra steps. Only thing I noticed today, prior to performing the MalwareBYtes and ESETScan, I left the PC in hybernation mode and when I went to wake up the PC, it was not very responsive, so I rebooted. So far after that it is behaving well. Here are the logs. BTW, at the end of the ESETScan the instructions you gave me were a bit different from what I saw on the ESETScan box. There was no **Export** but there was a copy to .txt option, which I assume is the equivalent. I did not delete everything (I hesitated since the scan took 5 hours!!). The log seems to indicate that the found threats were deleted. No **Back** or **Finish** button, but I did get the log in text format, and it is below:

Good news!
Malwarebytes found no threats and ESET cleaned all the remnants it found. At this stage your computer appear to be clean!

Now it's time to search for updates. Outdated programs contains security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that more contributes to the infection of your computer.

One comment before I post the log. If I power up the PC either from the off position, or from hybernation, the system seems to hang and not do anything even after 12+ minutes. Some activity is happening as I see some icons populating the icon bar at the bottom of the monitor. If I click on the web browser (Explorer, Firefox or Chrome) the icon lightens up as if it was responding, only to go 'dormant' in around 5 seconds. I can try and try multiple times and still the same, no opening of much any programs, sometimes not even Notepad documents . . . until I do a hard reboot (hit the power button off, then on again). After another 6 minutes or so (antiquated Windows 7) the PC will then work just fine. Just wondering if such lack of response may be due to anything in particular that you can think of. Here is the log:

Thanks for the log. I see the Avast Antivirus is disabled. Please re-enable it (if you have not already done it).

Just wondering if such lack of response may be due to anything in particular that you can think of.

The main cause is the disk I/O (Input/Output) reading and writing. Reading and writing to a physical disk is much slower than from RAM (Random Access Memory). When your computer resumes from disk (hibernation) it also has to power up the components which may cause some slowdown. This is highly dependent on the amount of RAM and the type of drive (HDD or SSD) installed on the computer.

The PC seems to be doing fine. Will have to deal with the I/O reading + writing and see how things feel in the next few days. But things are up and running. Awesome job! I have been using spywareinfoforum since 2004 . . . as needed. I deeply appreciate your work. As always, I will make a donation. You are awesome. Thanks! Have a good day and week.

Remove disinfection tools (this option will remove the tools used in the cleaning process).

Create registry backup (this option will create a backup from the Windows Registry).

Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).

Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).

Once the options mentioned above are checked, click on Run;

After DelFix is done running, a log will open. Close and delete it, I don't need to see it.

If all is well with the computer, below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your AntiVirus program up-to-date.

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

One of the most feared threat at the moment is a Ransomware infection. A Ransomware is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. Vulnerabilities are often exploited in order to install malware on your PC.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.